﻿using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Web;

namespace Web.ManageInformation
{
    public class WebStudent
    {
        static public bool Validate(String CardID, String Password)
        {
            SqlConnection CardInformationConnect = new SqlConnection();
            CardInformationConnect.ConnectionString = "Data Source=.;Initial Catalog=CardInformation;Integrated Security=True";
            String SearchCardSQL = "SELECT * FROM [CardInformation].[dbo].[Card] WHERE [CardID] = '" + CardID + "' AND [Password] = '" + Password + "';";
            SqlCommand SearchCardCMD = new SqlCommand(SearchCardSQL, CardInformationConnect);
            CardInformationConnect.Open();
            bool Result = false;
            try
            {
                Result = SearchCardCMD.ExecuteReader().HasRows;
            }
            catch (Exception)
            {
                CardInformationConnect.Close();
                return false;
            }
            CardInformationConnect.Close();
            return Result;
        }
        static public bool CreateAccount(String CardID, String Password, String StudentID)
        {
            SqlConnection CardInformationConnect = new SqlConnection();
            CardInformationConnect.ConnectionString = "Data Source=.;Initial Catalog=CardInformation;Integrated Security=True";
            String SearchCardSQL = "INSERT INTO [CardInformation].[dbo].[Card] ([CardID],[StudentID], [Password]) VALUES ('" + CardID + "', '" + StudentID +"', '" + Password + "');";
            SqlCommand SearchCardCMD = new SqlCommand(SearchCardSQL, CardInformationConnect);
            CardInformationConnect.Open();
            bool Result = false;
            try
            {
                Result = (SearchCardCMD.ExecuteNonQuery() >= 1);
            }
            catch (Exception)
            {
                CardInformationConnect.Close();
                return false;
            }
            CardInformationConnect.Close();
            return Result;
        }
        static public bool ChangePassword(String CardID, String Password)
        {
            SqlConnection CardInformationConnect = new SqlConnection();
            CardInformationConnect.ConnectionString = "Data Source=.;Initial Catalog=CardInformation;Integrated Security=True";
            String SearchCardSQL = "UPDATE [dbo].[Card] SET [Password] = '" + Password + "' WHERE [CardID] = '" + CardID + "';";
            SqlCommand SearchCardCMD = new SqlCommand(SearchCardSQL, CardInformationConnect);
            CardInformationConnect.Open();
            bool Result = false;
            try
            {
                Result = (SearchCardCMD.ExecuteNonQuery() >= 1);
            }
            catch (Exception)
            {
                CardInformationConnect.Close();
                return false;
            }
            CardInformationConnect.Close();
            return Result;
        }
    }
}
